Sites Built With Ruby on Rails Suffer New Vulnerability

Here’s something new in the way of security worries: weaknesses in Ruby on Rails. A significant vulnerability has been found in the popular Web application development framework that can let attackers make an application do things its developers never intended. It’s the second vulnerability (here’s the advisory on the first) detected in Ruby on Rails in as many weeks.

First word of the new vulnerability appeared on a Google group devoted to Ruby on Rails security, and Felix Wilhelm, an IT security blogger, posted a brief account of how the vulnerability works, though without much detail. The vulnerability allows an attacker to take control of a Web site built using Ruby on Rails and to execute any code they want.

Here’s why you care: Ruby on Rails is one of the most popular Web development frameworks around. Sites built using it include Hulu, Funny or Die, and Scribd. Even Twitter was, in its earlier versions, b...